A) Stock-exploitable (cifs-utils already present; AA/SELinux/etc. do not stop the attack) Distro/version/image cifs-utils installed by default? Default-policy PoC result (cifs-utils installed) Non-default PoC result Linux Mint 21.3/22.3 Cinnamon yes Exploitable with AA active, direct unshare Same CentOS Stream 9 GNOME yes Exploitable with SELinux enforcing Same Rocky Linux 9 Workstation yes Exploitable with SELinux enforcing Same Kali Linux 2021.4/2022.4/2023.4/2024.4/2025.4/2026.1 headless installer yes Exploitable with AA active, direct unshare Same AlmaLinux 9.7 Workstation/Azure cloud image recipe yes Exploitable with SELinux enforcing Same SLES 15 SP7/SAP 15 SP7 yes Exploitable with AA active, direct unshare Same SLES SAP 16 yes Exploitable SELinux permissive Same B) Stock-policy exploitable if cifs-utils is installed Distro/version/image cifs-utils installed by default? Default-policy PoC result (cifs-utils installed) Non-default PoC result Ubuntu 18.04/20.04/22.04 Desktop/Server no Exploitable with AA active, direct unshare Same Pop!_OS 22.04 Intel/24.04 Generic no Exploitable with AA active, direct unshare Same Ubuntu 24.04 Desktop minimal/full and Server no Direct unshare is blocked by AppArmor userns policy; exploitable through aa-exec -p trinity Direct unshare works after AppArmor userns sysctls are relaxed Debian 11/12/13 netinst standard and GNOME/KDE/standard/XFCE no Exploitable with AA active, direct unshare Same CentOS Stream 9 Cinnamon/KDE/MATE/XFCE no Exploitable with SELinux enforcing Same Rocky Linux 9 KDE/Workstation-Lite no Exploitable with SELinux enforcing Same openSUSE Leap 15.6 GNOME/KDE no Exploitable with AA active, direct unshare Same Rocky Linux 8 GenericCloud no Exploitable with SELinux enforcing Same Oracle Linux 8/9 KVM no Exploitable with SELinux enforcing Same Amazon Linux 2023 KVM no Exploitable with SELinux permissive Same C) Rest: blocked by stock policy Distro/version/image cifs-utils installed by default? Default-policy PoC result (cifs-utils installed) Non-default PoC result Ubuntu 26.04 Desktop minimal/full and Server no PoC blocked by AppArmor userns policy Exploitable after AppArmor userns sysctls are relaxed Fedora 40/41/42/43/44 Workstation/Server yes PoC blocked by SELinux enforcing Exploitable after setenforce 0 CentOS Stream 10 GNOME yes PoC blocked by SELinux enforcing Exploitable after setenforce 0 CentOS Stream 10 KDE no PoC blocked by SELinux enforcing Exploitable after setenforce 0 Rocky Linux 10 Workstation yes PoC blocked by SELinux enforcing Exploitable after setenforce 0 Rocky Linux 10 KDE/Workstation-Lite no PoC blocked by SELinux enforcing Exploitable after setenforce 0 AlmaLinux 10.1 Workstation/Azure cloud image recipe yes PoC blocked by SELinux enforcing Exploitable after setenforce 0 Oracle Linux 10 KVM no PoC blocked by SELinux enforcing Exploitable after setenforce 0 openSUSE Tumbleweed GNOME/KDE yes PoC blocked by SELinux enforcing Exploitable after setenforce 0 openSUSE Leap 16.0 OEM GNOME/KDE yes PoC blocked by SELinux enforcing Exploitable after setenforce 0 openSUSE Leap 16.0 Minimal-VM no PoC blocked by SELinux enforcing Exploitable after setenforce 0 SLES 16 yes PoC blocked by SELinux enforcing Exploitable after setenforce 0 D) Unaffected Distro/version/image cifs-utils installed by default? Default-policy PoC result (cifs-utils installed) Non-default PoC result Amazon Linux 2 KVM no Unaffected by this PoC: cifs-utils 6.2 lacks the namespace-switch sink N/A Kali Linux 2019.4/2020.4 yes Unaffected by this PoC after userns relaxation: cifs-utils 6.9 lacks the namespace-switch sink N/A